FC: One last round: RIAA replies to congressional source on hacking

From: Declan McCullagh (declanat_private)
Date: Thu Nov 01 2001 - 06:50:52 PST

  • Next message: Declan McCullagh: "FC: It's official: DOJ and Microsoft agree to settle antitrust case"

    Response to:
    "Congressional source replies to RIAA's we-don't-want-to-hack denial"
    ---------- Forwarded message ----------
    Date: Thu, 1 Nov 2001 09:31:29 -0500
    From: JCabreraat_private
    To: Declan McCullagh <declanat_private>, declanat_private
    Subject: RIAA Point by Point Rebuttal
    (1) "The RIAA does not assert that the language they provided staff would
    not have permitted this sort of conduct [hacking, planting viruses,
    destroying MP3 files,  etc.]"
         RIAA RESPONSE:  WRONG!  The language we provided staff would NOT have
    permitted this sort of conduct:
         First, the language would have applied ONLY to actions that do no more
    than "impair the availability" of data, a program, or a computer.  Section
    1030 refers both to the "integrity" and "availability" of data, but the
    language addressed only "availability."  Thus, if any action had the effect
    of deleting, altering or destroying data, a program or a computer (i.e.
    impacting "integrity") -- even unintentionally -- that would still be
    defined as "damage" under the Computer Fraud and Abuse Act and the
    copyright holder would have been subject to suit.
         Second, the initial language would only have protected "reasonable"
    measures.  Actions (such as hacking or deleting files) that caused damage
    to a computer or data would generally not be considered "reasonable," would
    likewise subject the copyright holder to suit.
         Finally, the language provided NO immunity from criminal prosecution.
    Thus, any actions taken by a copyright holder to protect its works would be
    at risk of criminal liability, a substantial guarantee that any measures
    would be responsible.
         All of this confirms that the language was not to give copyright
    owners broader enforcement powers, but only to limit the availability of
    "strike suits" or nuisance suits that would preclude the use of reasonable
    technical measures.
    (2) "What they may have "meant" to do does not explain their "extremely
    irresponsible" (at best) drafting."
         RIAA RESPONSE:  WRONG AGAIN.  What we "meant" to do is reflected in
    the drafting.  It's the "reading" of the language out of context that's
    (3) "According to the RIAA, the drafting of the Senate bill was done
    "privately" and would have had "unintended effects" on the law.  But what
    Hilary Rosen fails to note is that their solution ? offered in the vacuum
    of private negotiations ? would have done what EFF and other copyright
    scholars NOT on the RIAA payroll say it would have done: it wouldve [sic]
    created a license to hack.  I suppose the RIAA position must be that
    private negotiations involving the RIAA cannot possibly result in similarly
    "unintended effects."
         RIAA RESPONSE:  WRONG AGAIN, for the reasons described above. We
    recognize that a perfectly reasonable human being ? when shown this
    language without any context ? could think that it would allow any number
    of things, including hacking.  But in fact, as described above, that is not
    the case.  Anonymous ought to read the language carefully, in context as an
    amendment to an amendment to an existing statute (a very long and complex
    statute).  It is clear that Anonymous has not done this, but feels free to
    make irresponsible comments about what the language means anyway.
    (4) "Perhaps the RIAA will tell us who they met with at DOJ about this
    amendment?  Did they show their proposed language to anyone from the
    Executive Branch negotiating the bill?  If so, whom?
         RIAA RESPONSE:  Funny how Anonymous believes it's okay to be
    commenting without disclosing his or her identity, but wants everyone else
    to disclose their identities.  Sorry.  We do not believe it is appropriate
    or necessary to name the specific individuals with whom we have met
    regarding this legislation.  Suffice it to say, however, that we brought
    the issue to the attention of officials at DOJ as soon as we discovered
    that the proposed language inadvertently would have prevented us from using
    technical measures to protect copyrighted works.  We also raised this issue
    with the Senate staff working on the bill, as well as other industry groups
    before any proposal was sent.
    (5) "[RIAA claims that a copyright holder using any technical measures to
    protect its works could do so only at risk of criminal liability, a
    substantial guarantee that any such actions would be conducted
    responsibly.]  This is simply false! . . . [The RIAA made two initial
    proposals.]  Both proposals would have prohibited any civil cause of action
    for actions by a copyright owner for the "impairment of the availability of
    data. . . Yes the RIAA could still have been prosecuted ? which one must
    assume is how they are able to argue that their conduct resulting in damage
    would be "actionable."  But no civil actions could have been brought!  So
    victims could not have sued.  Period.  This is the sort of verbal parsing
    and misleading statement that the heads of the major record labels should
    instruct their staff at the RIAA to put a stop to once and for all."
         RIAA RESPONSE:  WRONG.  The proposals submitted by creators (to fix
    the unintentional effect the anti-terrorism bill would have had on
    antipiracy efforts) still would have allowed civil suits against creators
    on several new grounds.  First, the proposals included a new
    "reasonableness" standard that would have permitted lawsuits against
    creators for the use of any technical measures deemed unreasonable.  This
    new standard, when combined with the loosening of the damage requirement
    contained in the amendments proposed by the Department of Justice, would
    have provided greater flexibility to the judge or jury than the strictly
    monetary threshold that was previously in effect, and is the typical
    standard of almost all cases tried on a theory of negligence in this
    country.  Second, both proposals maintained civil liability if the relevant
    work was not being put to an infringing use (as when a defendant is
    engaging in "fair use").  As such, content owners would have borne the risk
    of a lawsuit if it turned out that the use was not infringing  Third, the
    limited civil exemption of both proposals applied only to technical
    measures that impaired the "availability of data, a program or system," and
    not to technical measures that affected the integrity of data.  Thus, if
    any action taken to protect copyrights had the effect of deleting, altering
    or destroying data, a program or a computer (i.e. impacting "integrity") ?
    the very type of activity raised by Anonymous ? that would still be subject
    to civil liability under section 1030.
         (6) "Previously the definition of "damage" under the act required that
    there be $5,000 in damage or loss to a victim.  Accordingly, absent some
    narrow exceptions, if a person hacked into a private network or computer
    and caused less than $5,000 in damage, he or she would not have broken the
    law. . .if you change the law to make it easier for the government to
    prosecute hackers by dropping the $5,000 threshold then you are also making
    it easier for victims of hackers to bring a private civil lawsuit.  The
    RIAA's proposed solution ? above ? would have given them a complete carve
    out from the civil actions ? Not just acts [stet] those resulting in less
    than $5,000 in damage but any amount of damage so long as they were trying
    to stop "unauthorized" (note, not necessarily illegal) copying."
         RIAA RESPONSE:  It is exactly because the bill changed the calculation
    of the threshold (as Anonymous points out), opening creators up to new
    lawsuits that could not have been brought previously, that a new solution
    was needed in order to preserve the intent of current law.  This solution,
    which Anonymous once again glosses over, was the requirement of
    "reasonableness."  In response to the new threshold requirements, the
    proposal recommended that any exemption must be denied if a court or jury
    finds the measures taken by the copyright owner to be unreasonable.  Thus,
    the "complete carve out from civil actions" described above is simply
    (7) "Yes there were a myriad of organizations concerned about the effects
    of the change on current law, but the RIAA's proposed amendment was not
    supported by those groups, was it?  Did eBay, the Net Coalition, SIAA
    support their draft.  No.  Not even AOL ? a member of RIAA ? was happy with
    the original amendment offered by Mr. Glazier.  Yes, they all supported the
    final version ? the version that was worked out AFTER the RIAA was caught."
         RIAA RESPONSE:  WRONG.  The database producers mentioned by Anonymous
    had no objection to the original proposal.  Different companies and
    industries bring differing concerns to the table.  eBay's concerns had
    nothing to do with copyright, for example.  Our point was not that other
    industry groups wanted to solve a copyright problem, but that multiple
    industry groups recognized that the Senate provision had inadvertent
    adverse effects ON THEM as well, unrelated to copyright, and needed to be
    fixed.  And we mention that only to disprove the canard that we were
    attempting to take advantage of the anti-terrorism legislation.  To the
    contrary, we were responding to a problem CAUSED by the anti-terrorism
    bill, just like the other industries did when they learned of it.
         This is our last posting on this issue.  We've said our piece, here
    and lots of other places, a number of times.  We've even responded to
    anonymous critics that don't have the courtesy (or the confidence in their
    criticism) to disclose their identities.
         The legislation has passed.  People will think what they think.  It's
    time to move on.
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    Declan McCullagh's photographs are at http://www.mccullagh.org/
    To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/

    This archive was generated by hypermail 2b30 : Thu Nov 01 2001 - 07:51:58 PST